InterVLAN Routing with unknown VLAN filtering

InterVLAN Routing

InterVLAN routing configuration consists of two main parts – VLAN tagging in switch-chip and routing in RouterOS. This configuration can be used in many applications by combining it with DHCP server, Hotspot, PPP and other features for each VLAN. Additionally this example covers blocking of unwanted other VLAN traffic on ports.

For routing add VLAN interfaces on master-port because it connects with CPU port and add IP addresses to created VLAN interfaces. In this example three 192.168.x.1 addresses are added to vlan200, vlan300 and vlan400 interfaces.

VLAN membership is defined by the VLAN table. Adding entries with VLAN id and ports makes that VLAN traffic valid on those ports. After valid VLAN configuration unknown/invalid VLAN forwarding can be disabled in global switch settings.

Mirroring

Mirroring

The Cloud Router Switches support three types of mirroring. Port based mirroring can be applied to any of switch-chip ports, VLAN based mirroring works for all specified VLANs regardless switch-chip ports and MAC based mirroring copies traffic sent or received from specific device reachable from the port configured in Unicast Forwarding Database.

Port Based Mirroring

The first configuration sets ether5 port as a mirror0 analyzer port for both ingress and egress mirroring, mirrored traffic will be sent to this port. Port based ingress and egress mirroring is enabled from ether7 port.

VLAN Based Mirroring

The second example requires ports to be switched in a group. Mirroring configuration sets ether5 port as a mirror0 analyzer port and sets mirror0 port to be used when mirroring from VLAN occurs. VLAN table entry enables mirroring only for VLAN 300 traffic between ether2 and ether7 ports.

MAC Based Mirroring

The third configuration also requires ports to be switched in a group. Mirroring configuration sets ether5 port as a mirror0 analyzer port and sets mirror0 port to be used when mirroring from Unicast Forwarding database occurs. The entry from Unicast Forwarding database enables mirroring for packets with source or destination MAC address E7:16:34:A1:CD:18 from ether8 port.

Trunking

The Trunking in the Cloud Router Switches provides IEEE802.3ad and IEEE802.1ax compliant link aggregation with hardware automatic failover and load balancing. Up to 8 Trunk groups are supported with up to 8 Trunk member ports per Trunk group.

Configuration requires a group of switched ports and an entry in the Trunk table.